Jamf Nation Community

ImAMacGuy · ‎12-16-2021

Started doing some initial testing with ZScaler ZCC and noticed that while the installer didn't prompt for it, under Security and Privacy > Full Disk Access there is a ZscalerTunnel binary that's unchecked.

Does anybody have a config profile for enabling that or is it okay to just have it disabled?

tzeilstra · ‎12-17-2021

We've been running Zscaler for a little while and don't have that checked. I did notice there are a LOT of apps that add themselves to that list and very few actually need full disk access.

View solution in original post

geoff_widdowson · ‎12-21-2021

I have used Zscaler for 2 years and never needed Full Disk Access control. My only Configuration Profile is the Zscaler cert, as since Big Sur it is required. I can't see a reason Zscaler would ever need Full Disk Access, but I guess they have just made the option there just in case.

View solution in original post

tzeilstra · ‎12-17-2021

We've been running Zscaler for a little while and don't have that checked. I did notice there are a LOT of apps that add themselves to that list and very few actually need full disk access.

ethamzy1 · ‎12-23-2022

Fairly new to JAMF, how are you deploying ZSACLER on the MAC? I have the cert installing fine, but not the program itself. Thanks.

ImAMacGuy · ‎12-27-2022

I created a new installer with composer, dropped the files into a temp folder, and created a post install script to run the installer command line and arguments we needed.

Then told composer to create a pkg.

iPhone. iTypos. iApologize. 

geoff_widdowson · ‎12-21-2021

I have used Zscaler for 2 years and never needed Full Disk Access control. My only Configuration Profile is the Zscaler cert, as since Big Sur it is required. I can't see a reason Zscaler would ever need Full Disk Access, but I guess they have just made the option there just in case.

scottb · ‎03-07-2022

@geoff_widdowson - do you have more info on the cert for ZScaler? I'm not seeing that piece in the docs...

Thank you

tzeilstra · ‎03-07-2022

If you're doing SSL inspection with Zscaler, the workstation needs to trust Zscaler with a cert lest it assume it's falling victim to a man-in-the-middle attack.

scottb · ‎03-07-2022

Thanks, @tzeilstra - I'm just starting on this and don't see mention where/how to get the cert...

I've not even been given the config requirements yet so I'm trying to look at this before I get the formal request...

tzeilstra · ‎03-07-2022

For now, just assume you'll need a cert and work w/ vendor on that part if you move forward

scottb · ‎03-07-2022

OK, thanks. Are you using any PPPC profiles for this? @tzeilstra

geoff_widdowson · ‎03-16-2022

The cert will be installed when Zscaler is installed, but won't be trusted in the keychain. Upload the cert into a Configuration Profile, using the certificate payload.

scottb · ‎03-16-2022

Thank you @geoff_widdowson - I installed via Jamf and got the cert which appears to be trusted in my keychain without making a profile. Wonder why?

geoff_widdowson · ‎03-16-2022

Maybe newer versions of Zscaler has resolved the issue. I was using Zscaler 2.2.4.0 when Big Sur came out and thats when I had to deploy a cert using a configuration profile. I now have Zscaler 3.4, but never checked if it needed the cert from the config.

scottb · ‎03-16-2022

Ah, possibly. I'm using "Zscaler-osx-3.6.0.53-installer" at this moment...

I'll have to check on other Macs to see if this isn't a leftover from prior testing a while back.

Thanks for the replies.

Jamf Nation Community

ZScaler Full Disk Access?